similar to: Kerberos Principal

You mean something like : Create a user for a service. samba-tool user create squid-proxy --description="Unprivileged user for SQUID-Proxy Services" --random-password Disable password expiry. samba-tool user setexpiry squid-proxy --noexpiry setting HTTP SPN on the proxy user (proxy1) samba-tool spn add HTTP/proxy1.internal.domain.tld squid-proxy samba-tool spn add

I was trying to get authentication via kerberos working but I'm having trouble trying to run ktpass as in step 6 here http://robertan.com/home/2015/01/14/kerberos-auth-with-apachephp/ ktpass -princ HTTP/contoso.com at CONTOSO.COM -mapuser CONTOSO\<USERNAME> -crypto all -ptype KRB5_NT_PRINCIPAL -pass <PASSWORD> -out webpage.HTTP.keytab I'm not sure of the

Hi, I was trying to get a new keytab in samba4 for my apache service. So I tried the following command: sh ktpass.sh --out /etc/apache.keytab --princ HTTP/myhost.samba.my.domain at SAMBA.MY.DOMAIN --pass VerySecure123 --enc des-cbc-md5 I get the following error: Unable to find kvno for principal HTTP/myhost.samba.my.domain at SAMBA.MY.DOMAIN Am I doing something wron or shouldn't I be

Hi, On 27-06-2016 08:58, Mark Foley wrote: > So, I'm apparently lacking in the kerberos stuff. Here's the problem -- Samba4 uses Heimdal > Kerberos and when I provisioned my domain apparently none of these needed kerberos files were > set up. I can, however, kerberos authenticate from domain workstations both WIN7 and Linux. You don't need any Samba4 stuff, to get it

Hello, I'm trying to access a samba share using an ADS user credentials. I always get an error, and the debug traces (log level = 5) are giving me the output in the follow. I have searched the samba ML archives, and I have found the thread http://lists.samba.org/archive/samba/2004-April/084545.html but, before asking the system admin to apply the eventual KB fixes, I would like to know if the

Hello List, I am (unsuccessfully) trying to automatically get a valid kerberos ticket for my linux box. I have - in a test environment: - a windows 2000 server with Active directory and DNS properly set up. - a suse linux 9.0 router with samba3.0.2.rc.1 and heimdal 0.6.-67. - I am able to join the domain and get a valid ticket through kinit, if I enter the Administrator's password or the

Am 16.09.2016 um 22:49 schrieb Rowland Penny via samba: > On Fri, 16 Sep 2016 22:43:42 +0200 > Achim Gottinger via samba <samba at lists.samba.org> wrote: > >> >> Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba: >>> Achim Gottinger via samba wrote on 9/15/16 1:20 AM: >>>> >>>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via

Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba: > Achim Gottinger via samba wrote on 9/15/16 1:20 AM: >> >> >> Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: >>> On Wed, 14 Sep 2016 16:23:27 -0500 >>> Michael A Weber via samba <samba at lists.samba.org> wrote: >>> >>>>> On Sep 14, 2016, at 2:00 PM, Achim

Hai   After my squid group adventure, i have a remaining question here.   The problem was as followed. ( and this probely dont applie to squid kerberos helpers only. )   samba-tool setup for squid i used, was as followed.   samba-tool user create squid1-service --description="Unprivileged user for SQUID1-Proxy Services" --random-password samba-tool user setexpiry

no thats not it samba-tool does not set upn but msktutil does set the upn. So an option for samba-tool to set upn would be nice... Greetz Louis > Op 28 dec. 2016 om 18:38 heeft Rowland Penny via samba <samba at lists.samba.org> het volgende geschreven: > > On Wed, 28 Dec 2016 17:05:39 +0100 > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

First thing - I'd like to say a big "THANK YOU" to the developers. I just upgraded to samba-3.0.23 and I've noticed an alarming issue with respect to my configuration. I've been using the built-in keytab management and it looks like the updated code no longer creates the userPrincipal in Active Directory. Whether this is an issue for others or not, it would be nice to have

Hi Rowland, Hi looks like the "-c" option is optional. My problem is not really the kerberos cache file, but the "principal" linked to the user kerbuser. The principal is HTTP/webserver.MYDOMAIN.LOCAL at MYDOMAIN.LOCAL I would like to use kinit and give this principal as parameter. something like : > kinit -k -t /root/my.keytab HTTP/webserver.MYDOMAIN.LOCAL at

Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: > On Wed, 14 Sep 2016 16:23:27 -0500 > Michael A Weber via samba <samba at lists.samba.org> wrote: > >>> On Sep 14, 2016, at 2:00 PM, Achim Gottinger <achim at ag-web.biz> >>> wrote: >>> >>> >>> >>> Am 14.09.2016 um 20:33 schrieb Michael A Weber: >>>>>

2016-08-30 16:10 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>: > On Tue, 30 Aug 2016 15:58:13 +0200 > mathias dufresne via samba <samba at lists.samba.org> wrote: > > > And reading last mails comforts me in believing the filter used by > > client side to retrieve user is not correct, that filter should use > > SPN then you won't need to

Hi, I have posted the following message to Squid-Users forum ( squid-users at lists.squid-cache.org). "I have migrated of Samba 4.2.1 to Samba 4.6.3 as DC, but now my Squid authentication doesn't work. In samba 4.2.1 is working properly. This is my authentication block: auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b DC=empresa,DC=com,DC=br -D

Am 16.09.2016 um 22:54 schrieb Robert Moulton via samba: > Achim Gottinger via samba wrote on 9/16/16 1:43 PM: >> >> >> Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba: >>> Achim Gottinger via samba wrote on 9/15/16 1:20 AM: >>>> >>>> >>>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: >>>>> On Wed,

And reading last mails comforts me in believing the filter used by client side to retrieve user is not correct, that filter should use SPN then you won't need to set up SPN into UPN field. 2016-08-30 15:55 GMT+02:00 mathias dufresne <infractory at gmail.com>: > Hi Louis, > > > 2016-08-29 16:18 GMT+02:00 L.P.H. van Belle via samba < > samba at lists.samba.org>: >

Hi. I'm using Samba 4 on two Zentyal servers as Domain Controller and now I have to authenticate some services to it (Apache and PAM in particular). The LDAP integration asks me for a LDAP bind password, but I cannot find out where it is on Zentyal. Is there a way to check (or change it) directly on Samba 4? Or is it preferable to authenticate against Active Directory or Kerberos? Thank you

> On Sep 14, 2016, at 2:00 PM, Achim Gottinger <achim at ag-web.biz> wrote: > > > > Am 14.09.2016 um 20:33 schrieb Michael A Weber: >> >>> On Sep 14, 2016, at 1:10 PM, Achim Gottinger <achim at ag-web.biz <mailto:achim at ag-web.biz>> wrote: >>> >>> >>> >>> Am 14.09.2016 um 19:53 schrieb Michael A Weber:

Short story: cannot get Kerberized NFSv4 to work. I've googled a great deal and cannot find where I have goofed (and there sure is a lot of misleading and just plain incorrect information out there), so would appreciate another pair of eyes. NFSv4 without Kerberos does work fine, as does ID mapping. We're using NFSv4 in production with sec=sys, but I'm not happy with that. My